    [Snort-users] Re: Help with alert_unixsock issues  
James Turnbull


12-02-05 01:49 AM

Simon Biles wrote:
> Try the following PERL for example :
>
Thanks!  That worked perfectly.

Regards

James Turnbull

--
James Turnbull <james@lovedthanlost.net>
---
Author of Hardening Linux from Apress
(http://www.amazon.com/exec/obidos/t...l/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup...arch=0x0C42DF40)



_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users








    Re: [Snort-users] Re: Help with alert_unixsock issues  
James Turnbull


12-02-05 01:49 AM

Hi

Simon Biles kindly provided the below code where he has specified a
template for unpacking part of the alert format of the alerts sent to
the alert_unixsock output plug-in.
> $TEMPLATE = "A256 A*";
>
Does anyone know if the format of these alerts is documented somewhere?
I am having a lot of trouble unpacking the remainder of the data in the
alert.

Thanks

James Turnbull

--
James Turnbull <james@lovedthanlost.net>
---
Author of Hardening Linux from Apress
(http://www.amazon.com/exec/obidos/t...l/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup...arch=0x0C42DF40)
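
An added example, not Simon Biles's code and not part of the original posts: a small Perl reader that applies the quoted `A256 A*` template to the message field of a datagram and keeps the remaining bytes unmodified. The socket path, the helper name `split_alert` and the sample datagram are assumptions made up for illustration; the layout of the bytes after the first 256 is not given in the thread, so they are only counted and hex-dumped.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket;

my $TEMPLATE = "A256 A*";    # template quoted in the thread
my $MSG_LEN  = 256;          # width of the first field in that template

# Split one datagram into the alert message and the bytes that follow it.
# Perl's "A" format strips trailing NULs and spaces, which is wanted for the
# padded message text but would silently shorten binary data, so the
# remainder is taken with substr instead of the template's "A*".
sub split_alert {
    my ($dgram) = @_;
    return if length($dgram) < $MSG_LEN;       # truncated datagram, skip it
    my ($msg) = unpack($TEMPLATE, $dgram);     # first field only
    my $rest  = substr($dgram, $MSG_LEN);      # byte-exact remainder
    return ($msg, $rest);
}

# Constructed sample: NUL-padded message followed by 8 arbitrary bytes,
# the last four of which are NULs that "A*" would have dropped.
my $sample = pack("a256 a*", "Constructed test alert",
                  "\x01\x02\x03\x04\x00\x00\x00\x00");
my ($m, $r) = split_alert($sample);
printf "self-test: msg='%s' rest=%d bytes\n", $m, length $r;

# Live use: pass the socket path as the first argument. The path is an
# assumption; use wherever your Snort instance writes its alert socket.
my $path = shift or exit 0;
unlink $path;                                  # clear a stale socket file
socket(my $sock, PF_UNIX, SOCK_DGRAM, 0) or die "socket: $!";
bind($sock, sockaddr_un($path))          or die "bind $path: $!";
while (defined recv($sock, my $buf, 65535, 0)) {
    my ($msg, $rest) = split_alert($buf) or next;
    printf "%s | %d trailing bytes, first 16: %s\n",
        $msg, length $rest, unpack("H32", $rest);
}
```

Run without arguments it only performs the self-test on the constructed datagram; with a path argument it binds the socket and prints one line per datagram received.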


